go-jose
go-jose copied to clipboard
square
square/go-jose: error in cryptographic primitive
I have a decryption key and a JWE token that I can decrypt in python like so:
from jose import jwe, jwt
from jose.utils import base64url_decode
TOKEN="sfsdfsdfsfs.sfsfsdfsf.sfsfsfsf"
decryption_key_bytes = base64url_decode("ODFfdsdfs879s8fs=")
decrypted_token = jwe.decrypt(TOKEN, decryption_key_bytes)
print("Decrypted token:")
print(decrypted_token)
print("\nToken contents:")
print(jwt.decode(decrypted_token, None, options={"verify_signature": False}))
Doing the "same" In golang results in the above error:
package main
import (
"encoding/base64"
"fmt"
"gopkg.in/square/go-jose.v2"
)
const customersJweRaw = "sfsdfsdfsfs.sfsfsdfsf.sfsfsfsf"
func main() {
base64Decode, err := base64.StdEncoding.DecodeString("ODFfdsdfs879s8fs=")
if err != nil {
panic(err)
}
jwe, err1 := jose.ParseEncrypted(customersJweRaw)
if err1 != nil {
fmt.Println(err1)
return
}
bytes, err2 := jwe.Decrypt(jose.JSONWebKey{Algorithm: "A256KW", Use: "A256GCM", Key: base64Decode})
if err2 != nil {
fmt.Println(err2)
return
}
fmt.Println(string(bytes))
}
I have also tried not specifying the encryption / decryption algorithm and just pass the key like so: jwe.Decrypt(base64Decode), but got the same result.
Bellow is the screenshot of the document for the token origin. I am not creator of the token, we get it from the client.
This looks a lot like the Google Play Verification API. The rest of the story to complete the steps are:
decryptedJWT:=string(bytes)
fmt.Println(decryptedJWT)
fmt.Println("Calling ParseSigned")
jws, err := jose.ParseSigned(decryptedJWT)
if err!=nil {
log.Fatal(err.Error())
}
fmt.Println("jws=", jws)
keyBytes:=getKey(config.VerificationKey) // base64 decoded bytes for verification key
verifyKey, err:=x509.ParsePKIXPublicKey(keyBytes)
if err!=nil {
log.Fatal(err)
}
fmt.Println("Calling jws.Verify()")
vkey:=verifyKey.(*ecdsa.PublicKey)
payload, err:= jws.Verify(vkey)
if err!=nil {
log.Fatal(err.Error())
}
fmt.Println("payload: ",string(payload))
